package com.miniapp.properties;

import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;

/**
 * Settings for the application's SQL-injection request screening, bound from
 * configuration keys under the {@code security.sql-injection} prefix.
 *
 * <p>Lombok's {@code @Data} generates the accessors; this class only holds values.
 * The component that reads them (and how it applies {@link #pattern}) is not part of
 * this file.
 *
 * <p>NOTE(review): pattern-based screening of request input is a secondary control.
 * Every entry added to the whitelists below removes that control for the matching
 * input, so the queries behind those endpoints/parameters need bound parameters
 * regardless of this filter.
 *
 * @author author
 * @date 2025-09-01 10:32
 */
@Data
@Component
@ConfigurationProperties(prefix = "security.sql-injection")
public class SqlInjectionProperties {

    /**
     * Whether SQL-injection protection is enabled. Defaults to {@code true}.
     */
    private boolean enabled = true;

    /**
     * Whitelisted URL patterns; Ant-style path matching is supported.
     * Example: /api/comments/save
     *
     * <p>NOTE(review): presumably a request whose path matches an entry skips the check
     * entirely (confirm against the consumer). Prefer exact paths over broad wildcards.
     */
    private List<String> whitelistUrls = new ArrayList<>();

    /**
     * Whitelisted parameter names; applies to every URL.
     * Example: content, html, richText
     *
     * <p>NOTE(review): because the list is global, a name listed here is exempt on all
     * endpoints, not only the one it was added for.
     */
    private List<String> whitelistParams = new ArrayList<>();

    /**
     * Regular expression used to detect SQL injection; can be overridden in configuration.
     *
     * <p>The default is wrapped in leading and trailing {@code .*} and has three alternatives:
     * a run of one or more of {@code ' ; - + / *} or whitespace; one of the lower-case
     * tokens union, select, insert, delete, update, drop, alter, exec, xp_; or {@code --}.
     *
     * <p>NOTE(review), all readable from the expression itself:
     * <ul>
     *   <li>The character class contains whitespace and the hyphen, so any value with a
     *       space or a hyphen matches; expect false positives on ordinary free text
     *       (which is likely why the whitelists exist). The {@code --} alternative is
     *       already covered by the hyphen in the class.</li>
     *   <li>The keywords carry no word boundaries, so they match as substrings of longer
     *       words.</li>
     *   <li>No inline flags are set, so case sensitivity and line-terminator handling
     *       depend on how the consumer compiles and applies the pattern. TODO confirm
     *       the flags and whether it uses full-match or find semantics.</li>
     * </ul>
     */
    private String pattern = ".*([';\\-\\+\\/\\*\\s]+|(union|select|insert|delete|update|drop|alter|exec|xp_)|--).*";
}
